Let's create guidance for management and auditors concerned about DevOps.
See all
Members (1,430)
Gene Kim's profile photo
Don Meyers's profile photo
Clif Render's profile photo
Vincent Van der Kussen's profile photo
Michael Fox's profile photo
wim haedens's profile photo
Shaun Mouton's profile photo
Raúl Jiménez del Peral's profile photo
Todd Williamson's profile photo
Ruber Paulo's profile photo
jordan leibowitz's profile photo
Pradyumna Joshi's profile photo
Dj Sauer's profile photo
Annarie Oosthuizen's profile photo
Anna Kennedy's profile photo
CoreMaapR Technical Learning Services's profile photo
David Kelly's profile photo
Patrick BAILLY's profile photo
locavore-roar Vince's profile photo
George Adamski's profile photo
Jack Weintraub's profile photo
Dave Cliffe's profile photo
Pierre Paul Lefebvre's profile photo
Karen Sowa's profile photo

Stream

Join this community to post or comment
 
WANTED: DevOps Engineer/Linux Systems Administrator - £35k-£45k (doe) + benefits - Surrey

We have an excellent opportunity for an experienced DevOps Engineer/Linux Systems Administrator who has skills in Puppet/Linux/Red Hat.

Do you have a proven commercial Linux systems/Devops experience?

Do you want to join a top web development agency in Surrey & become an active member of a large PHP development team to take responsibility for managing their platform across multiple data centres (Puppet configuration management), developing & maintaining automated build processes, & internal services?

If the answer is YES, get in touch with Kevin TODAY on 01604 201030 or kevin@s-sa.co.uk
1
Add a comment...

Leo G

Discussion  - 
 
List DevOps related Tools, Guides and Softwares
1
Add a comment...

WPG Americas

Discussion  - 
 
Educating programmers: 3 things universities need to learn from game-dev schools

Software development is unique in that developers are both the architects and the construction crew for their projects. There are very few industries… - WPG Americas - Google+
1
Add a comment...

Tessa Costa

Discussion  - 
 
"The NEW DevOps eGuide is Now Available!
DevOps has moved into the spotlight of late. While developers and IT professionals have been coexisting for decades, DevOps as a formally recognized practice is relatively new and the inventory of reliable resources exploring how to innervate this movement is still rather sparse. This eGuide provides information you need both to start the DevOps conversation in your organization and to continue the momentum as the industry learns to navigate and strengthen the relationship between the development and IT groups.

Learn More: https://well.tc/33rj
1
Add a comment...
 
Check out how OpenMake Meister and Release Engineer creates a 'full strength" build to deploy DevOps process supporting multiple platforms including even - yes z/OS!  No one-off scripts were used in the creation of this demo which means that a full audit can be completed on the process.  Scripts are barriers to auditing.  It includes IBM RTC, CA Endevor and CA Harvest deploying to IBM WebSphere.  And yes you can download a free version from GitHub.  Search on OpenMake-Software/ReleaseEngineer or Meister. 
3
Kirk Brady's profile photoTracy Ragan's profile photo
5 comments
 
I get it.  I see a lot of push back from folks who love their scripts.  Products like Meister, Ansible, Puppet and Chef are minimizing this type of scripting, and creating a platform where the scripts become highly reusable and not one-off.  Build Services, Activities, Playbooks are becoming the new norm and the success stories for a less scripted solution.  These types of tools improve the execution and usefulness of the underlying reusable scripts that are yes - highly parameterized.  These types of tools can better manage, report and expose what is going on in the overall process, which may have some logic driven by the back-end scripts themselves.  But the benefit is huge as a substantial amount of automation can then be achieved and because all of this  transparency, auditing becomes a breeze.  No more digging through logs and/or one-off scripts.  And most of our customers do not want to pay programmers to keep developing redundant, one-off scripts - which is most commonly the norm.  These factors are changing the way most large organizations manage DevOps and a key driver to adoption. 
Add a comment...

Gareth Daine

Discussion  - 
 
Thought you guys might be interested in this... http://bit.ly/1XARe9y
5
1
Steve Lawless's profile photo
Add a comment...

Paul B.Dove

Discussion  - 
 
I have been watching this community develop and started thinking about the value of annual Auditing. I think that DevOps needs a new set  of audit conditions as it is a relatively burgeoning craft. A cyber attacks can happen in a minute does an annual audit make sense?
1
Add a comment...

Olivier Jacques

Discussion  - 
 
+Gene Kim +Jeff Gallimore +Byron Miller, James, great work on the DevOps audit defense toolkit. 
It looks like IT organizations could create their own version, adapted to their own continuous delivery pipeline, and share the versions back to the community.
In that case, how would licensing of the toolkit work regarding "derivative works"?
2
Add a comment...
 
DevOps Thought Leadership Webinar Series - Next Webinar "Implementing Rollback and Roll Forward Logic into your Software Deployments" presented by Phil Gibbs, VP of Technology, OpenMake Software - Wednesday, August 5th 11:00 ET. Register at:
http://www.openmakesoftware.com/devops-thought-leadership-webinar-series/
1
1
Rob England's profile photoSorabh Singhal's profile photo
 
You should publish as a podcast that people can subscribe to 
Add a comment...

About this community

Vision: Define the authoritative guidance of how management and auditors should conduct audits where DevOps practices are in place, in support of accurate financial reporting, regulatory (e.g., SEC SOX-404, HIPAA, FedRamp, EU Model Clauses and the proposed SEC Reg-SCI regulations) or contractual obligations (e.g., PCI DSS, DOD DISA), or effective and efficient operations. By doing this, the Defensive Audit Toolkit will elevate the state of the management practice, defining how to understand risks to business objectives, correctly scope and the substantiate of effectiveness of controls, which reduces the costs of audits and increases effectiveness of audits. (This community can be access by http://bit.ly/DevOpsAudit)
http://bit.ly/DevOpsAudit

Emma Cox

Discussion  - 
 
#Advanced #Composites #Market by Type (Carbon, S-Glass, Aramid), by Manufacturing Process, by Resin Type (Thermoplastics and Thermosetting), by Application (#Aerospace & #Defense, #Automotive, #Wind, #Sporting #Goods, Pipe & Tanks, Construction, Marine), and by Region Global Forecast to 2020

Download Free Sample Pages @ http://bit.ly/1McStb7
The #advanced #composites end #market in terms of value is expected to reach around USD 24.9 Billion by 2020, growing at a CAGR of 7.2% between 2015 and 2020.
#Aerospace & #defense, #wind and #automotive are the major industries where the use of #advanced #composite continues to increase as technology for its commercialization developing at good rate. Weight savings, fuel economy and other performance benefits will fuel the growth of advanced composite consumption in automotive sector. While need for alternative sources of energy is increasing the demand from wind application market.
Currently, North America is the largest consumer of advanced composites. Among all the countries in this region, the U.S. and Canada are important consumers of advanced composites. The market size, in terms of volume, is comparatively low in the RoW, but the market is estimated to grow between 2015 and 2020 as the demand from Brazil, South Africa, and the Middle East countries continue to grow
1
Add a comment...

Roane Holman

Discussion  - 
 
DevOps Toolchain eBook

eBook on the DevOps tool chain that explains what types of tools are out there, why you would need them, and what your options are.

free download below...


We've created an eBook on the DevOps toolchain that explains what types of tools are out there, why you would need them, and what your options are.
4
1
Peter Pan's profile photo
Add a comment...

Adarsh Mehrotra

Discussion  - 
1
Add a comment...
 
Release Engineer for software delivery and Meister for build automation now on Github - download for free at https://github.com/OpenMake-Software/ReleaseEngineer
1
Add a comment...
 
Lets Talk CI Scalability-A webinar presented by Steve Taylor, October 15th, 11:30 ET. He will cover best practices for fast, massive build and deploy processing.   Register at http://www.openmakesoftware.com/devops-thought-leadership-webinar-series/ 
1
Add a comment...

Rob England

Discussion  - 
 
How can an audit toolkit not mention COBIT?
3
Adarsh Mehrotra's profile photoRob England's profile photo
2 comments
 
COBIT details the controls to be produced in each process including deployment. You need to show an auditor that automation is producing all the artefacts that a manual process would have been audited for. Especially BAI06 and BAI07 I guess.
Add a comment...

Cristy Bird

Discussion  - 
 
The NEW DevOps eGuide is Now Available!

DevOps has moved into the spotlight of late. While developers and IT professionals have been coexisting for decades, DevOps as a formally recognized practice is relatively new and the inventory of reliable resources exploring how to innervate this movement is still rather sparse. This eGuide provides information you need both to start the DevOps conversation in your organization and to continue the momentum as the industry learns to navigate and strengthen the relationship between the development and IT groups.
1
1
John Dubinsky's profile photo
Add a comment...

Alan Chilton

Discussion  - 
 
You mention Jira "tickets" in the toolkit. Are you referring to Jira Service Desk, or Jira alone? Also, are you assuming integration between Service Now and Jira?
1
Add a comment...

Akshay Anand

Discussion  - 
 
Just read the toolkit paper. Fascinating & educational stuff, but I'm a bit disappointed that it reads like a product pitch (Jira, Tripwire, etc.) rather than a process pitch ... there wasn't any disclaimer in the foreword about not meaning to prescribe products, but to just use commonly used tools as an example either. I'm a big fan of The Phoenix Project, and hope that this was just simple oversight.
1
Shaun Mouton's profile photo
 
The overlap between Github Enterprise and Stash (since renamed to Bitbucket) is a little odd. Most organizations would use one or the other. 
Add a comment...
 
Financial Reporting Council is looking for an Audit Quality Review, Team Inspectors in London, UK #ICAEW #ACCA #IFRS #finance #jobs
1
Add a comment...